Количество 2
Количество 2
CVE-2024-5753
vanna-ai/vanna version v0.3.4 is vulnerable to SQL injection in some file-critical functions such as `pg_read_file()`. This vulnerability allows unauthenticated remote users to read arbitrary local files on the victim server, including sensitive files like `/etc/passwd`, by exploiting the exposed SQL queries via a Python Flask API.
GHSA-mwxm-35f8-6vg2
Vanna vulnerable to SQL Injection
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-5753 vanna-ai/vanna version v0.3.4 is vulnerable to SQL injection in some file-critical functions such as `pg_read_file()`. This vulnerability allows unauthenticated remote users to read arbitrary local files on the victim server, including sensitive files like `/etc/passwd`, by exploiting the exposed SQL queries via a Python Flask API. | CVSS3: 7.5 | 0% Низкий | больше 1 года назад |
| GHSA-mwxm-35f8-6vg2 Vanna vulnerable to SQL Injection | CVSS3: 7.5 | 0% Низкий | больше 1 года назад |
Уязвимостей на страницу